Icrontic has finally joined civilized society and splurged on a wildcard SSL. It's currently in the process of getting setup. So no, it's not unexpected if you suddenly see a little green lock in the URL bar later this week.
@Tushon said:
Woo changes! Is there a reason you didn't opt for using something like Let's Encrypt before splurging?
I was a little concerned about the CA chain and it being accepted for things I may want to do. I chose RapidSSL because it maximized acceptance rates without costing a fortune. At least, I think it did. This isn't really my area. Which is also the other reason: I ain't got time for that. I'd rather throw a little money at the problem than burn a weekend tinkering in sysadmin land at this stage of my life.
@ardichoke said:
A wildcard cert for Icrontic? What, do you have money to burn? o_O
It wasn't that bad; about $300 for 2 years.
The day I buy a non-wildcard cert for Icrontic is the day I suddenly realize I need a protected subdomain, I can just feel it. My tinkering knows no boundaries when I get off on a tangent, and I don't wanna touch this again for 2 years.
I'm thinking more of the fact that you can get standard SSL certs for $0 at this point, which is plenty to run any website that isn't dealing with confidential data.
Tracked down that rogue /profile.json call, looks like it was some old stats plugin I don't care about so I just turned it off. Fixed the avatars / badges / activity over SSL too.
I did a mass-update on embedded content that links to stuff folks uploaded to Icrontic. However, for stuff embedded from other sites, it's not really safe for me to do that because I have no idea if X site supports https or not. So for discussions with rando media embedded, there's just always gonna be an SSL alert and I don't think there's anything I can do about it.
Personally, I don't think the mixed protocol message is that big of a deal. It's not an ecommerce site. Anyone who is going to pay attention to the little exclamation point in their address bar is probably knowledgeable enough to realize user content may not be loaded over HTTPS.
Comments
Woo changes! Is there a reason you didn't opt for using something like Let's Encrypt before splurging?
biogel, yay!...what?...not real?...well then what the hell else did he mean? sounds like fancy stuff.
A wildcard cert for Icrontic? What, do you have money to burn? o_O
I'm not sure what UC Berkeley's Space Sciences Lab has to do with Icrontic, but hey, you're the boss.
Super Sassy Linc.
I was a little concerned about the CA chain and it being accepted for things I may want to do. I chose RapidSSL because it maximized acceptance rates without costing a fortune. At least, I think it did. This isn't really my area. Which is also the other reason: I ain't got time for that. I'd rather throw a little money at the problem than burn a weekend tinkering in sysadmin land at this stage of my life.
It wasn't that bad; about $300 for 2 years.
The day I buy a non-wildcard cert for Icrontic is the day I suddenly realize I need a protected subdomain, I can just feel it. My tinkering knows no boundaries when I get off on a tangent, and I don't wanna touch this again for 2 years.
Makes sense to me. @ardichoke may be thinking of the big vendor prices, e.g. Verisign aka $$$$ for wildcard or EV SAN certs.
VERI$IGN MIRITE?
Yeah, to hell with EV and big brands for an indy site. I just need a CA chain that stands up to whatever I feel like integrating.
I'm thinking more of the fact that you can get standard SSL certs for $0 at this point, which is plenty to run any website that isn't dealing with confidential data.
See: StartSSL or Let's Encrypt.
I've had valid SSL certs on most of my domains and services even though I'm the only one that uses them, and I've never paid a penny for a cert.
Congrats on the new bell and whistle for Icrontic!
You can now browse as https://icrontic.com. I'll wait another day or two to force it so folks can let me know if there are any issues.
https://icrontic.com/bestof/everything > will report content errors due to loading http content from posts
https://icrontic.com/profile/Tushon > shows errors from past image uploads. A number of other potential issues from migration or SSL for badge images.
Also seeing this in console (spacing is shit)
GET https://icrontic.com/profile.json&callback=? 404 (Not Found)send @ jquery.min.js?v=2.2.101.8:6x.extend.ajax @ jquery.min.js?v=2.2.101.8:6d @ track.min.js?v=1.0.3&v=2.2.101.8:1(anonymous function) @ track.min.js?v=1.0.3&v=2.2.101.8:1c @ jquery.min.js?v=2.2.101.8:4p.fireWith @ jquery.min.js?v=2.2.101.8:4x.extend.ready @ jquery.min.js?v=2.2.101.8:4q @ jquery.min.js?v=2.2.101.8:4
Also, the links at the bottom of page and the content behind them likely needs some help.
Looks like we have a few things to address:
The first couple are straightforward things that can get fixed & mass-updated. The other is trickier.
Tracked down that rogue /profile.json call, looks like it was some old stats plugin I don't care about so I just turned it off. Fixed the avatars / badges / activity over SSL too.
I did a mass-update on embedded content that links to stuff folks uploaded to Icrontic. However, for stuff embedded from other sites, it's not really safe for me to do that because I have no idea if X site supports https or not. So for discussions with rando media embedded, there's just always gonna be an SSL alert and I don't think there's anything I can do about it.
Personally, I don't think the mixed protocol message is that big of a deal. It's not an ecommerce site. Anyone who is going to pay attention to the little exclamation point in their address bar is probably knowledgeable enough to realize user content may not be loaded over HTTPS.